Nowadays, companies’ IT infrastructure is exposed to a wide range of threats. Phishing, vishing, whaling and CEO fraud are just a few examples of IT crime that can no longer be combated with anti-virus software alone. Badly worded e-mails that ask users to enter their passwords, and are therefore easy to spot, are increasingly on the decline.
Deceptively genuine messages, possibly even with the e-mail address of the employee’s own boss, leave employees in little doubt about the authenticity of the e-mail – but even a single click can lead to serious damage in companies.
Social engineering is the keyword with which IT decision-makers are currently confronted: a new level of cybercrime that exploits the human psyche and uses targeted deception to trap users. The principle is not new, but it is particularly treacherous, because the astonishing authenticity of the attackers’ e-mails banishes any healthy doubts in the user’s mind.
But how can you protect yourself and your company from such attacks?
Increase security awareness
The human factor is now probably the most critical factor in IT security in companies. It is therefore particularly important that you sensitize your employees to IT security measures and increase security awareness in your company.
- Assess your employees’ level of knowledge about IT security, and about social engineering in particular. Establish a basic understanding of why the topic must be given central importance. And encourage staff to report any suspicions immediately – as always, prevention is better than cure.
- In addition to IT security training, regular tests are also helpful. One method, for example, is penetration testing with simulated phishing e-mails sent to your own staff. When evaluating the click rates, you can determine where the weak points in the security awareness program lie.
BYOD as a source of danger?
Another factor with a major security risk is the BYOD (bring your own device) phenomenon. It is now commonplace in most companies and promises to make work processes more flexible and simpler, but it comes with a major disadvantage: in most cases, employees do not exercise the same caution on their own devices as they usually do on company devices. Risks such as data leakage through apps, insecure passwords or use by third parties are potential sources of danger.
Read this blog article to find out how to properly protect BYOD from social engineering.
Social engineering is an even easier undertaking for attackers on mobile devices: for example, the reduced display on a small screen plays right into the attackers’ hands. Many users don’t bother to tap on the sender’s name to see the full e-mail address behind it.
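The mobile client hides exactly the information that exposes a spoofed boss: the full address behind the display name. As an added example that is not part of this article, the following Python check expands a raw `From:` header the way a user on a small screen never sees it and flags the two common display-name tricks (an internal address written into the display name, and a known colleague’s name attached to an outside address). The internal domain and the tiny sender directory are constructed assumptions for the example.

```python
from email.header import decode_header, make_header
from email.utils import parseaddr

# Constructed for this example: the company's own mail domain and a small
# directory of known internal senders (lower-cased display name -> address).
# A real gateway would query the directory service instead of a dict.
INTERNAL_DOMAINS = {"example.com"}
DIRECTORY = {"anna boss": "anna.boss@example.com"}


def full_sender(from_header: str) -> tuple[str, str]:
    """Expand a raw From: header into (display name, full address).

    RFC 2047 encoded-words (=?utf-8?q?...?=) are decoded first, because a
    spoofer can hide the display name behind them; parseaddr then splits
    the phrase from the angle-bracketed address.
    """
    decoded = str(make_header(decode_header(from_header)))
    name, addr = parseaddr(decoded)
    return name.strip(), addr.lower()


def domain_of(addr: str) -> str:
    return addr.rpartition("@")[2]


def check_sender(from_header: str) -> dict:
    """Return the expanded sender plus the reasons it looks like display-name spoofing."""
    name, addr = full_sender(from_header)
    reasons = []
    # Trick 1: the display name *is* an internal address, but the real
    # address (the part a small screen hides) belongs to an outside domain.
    if "@" in name and domain_of(name.lower()) in INTERNAL_DOMAINS \
            and domain_of(addr) not in INTERNAL_DOMAINS:
        reasons.append("display name shows an internal address, real address is external")
    # Trick 2: the display name matches a known colleague, but the address
    # is not the one the directory holds for that person.
    expected = DIRECTORY.get(name.lower())
    if expected and expected != addr:
        reasons.append(f"display name matches {expected}, but address differs")
    return {"name": name, "address": addr,
            "suspicious": bool(reasons), "reasons": reasons}


if __name__ == "__main__":
    # Constructed sample headers: one genuine, two spoofed.
    for hdr in ('"Anna Boss" <anna.boss@example.com>',
                '"anna.boss@example.com" <attacker@evil.test>',
                '=?utf-8?q?Anna_Boss?= <anna@evil.test>'):
        print(check_sender(hdr))
```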
However, no matter how much companies invest in training and sensitizing employees, humans are and remain creatures of habit, and occasional carelessness and mistakes cannot be completely ruled out.